Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
We were gone for a few weeks, but since many of you have asked for a comeback, here it is. We'll try to keep it alive!
For the less technical
- Adrian Lamo, ‘homeless hacker’ who turned in Chelsea Manning, dead at 37
- Big Data Gate
  - How Trump Consultants Exploited the Facebook Data of Millions
  - 50 million Facebook profiles harvested for Cambridge Analytica in major data breach
  - Cambridge Analytica whistleblower
  - Mark Zuckerberg breaks silence on Cambridge Analytica
  - Who is Dr Aleksandr Kogan, the Cambridge academic accused of misusing Facebook data
  - Every Facebook app collected users’ personal data
- Level 3 technician's misstep causes largest outage ever reported
- Orbitz says legacy travel site likely hacked, affecting 880k
- Kaspersky's 'Slingshot' report burned an ISIS-focused intelligence operation
- Nine Iranians indicted by US for hacking to steal research data + FBI's wanted list
- Telegram loses bid to block Russia from encryption keys
- Some people repeatedly win the Wisconsin Lottery. Do they play fair?
- The 'Breaking Bad' student gang who sold $1m worth of drugs over the 'dark web'
- Reddit just banned /r/DarkNetMarkets - biggest darknet subreddit
- Pirate websites expose users to more malware
- Protecting security researchers at Dropbox
- Kaspersky Lab plans Swiss data center
For the more technical
- A bug in Cloudflare’s Auto Minify service
- Initial AMD technical assessment of CTS Labs research
- Siemens patches DoS flaws in industrial products (PDF)
- Drupal 7 and 8 core highly critical release
- Thousands of etcd servers are openly sharing credentials
- Windows Remote Assistance XXE vulnerability
- A beautiful exploit chain on GitHub Enterprise
- Breaking the Ledger security model
- Ethereum account balance manipulation
- Recovering plaintext passwords from Azure virtual machines
- Facebook scraped call, text message data for years from Android phones
- Leaking Facebook internal IP infrastructure
- TeleRAT: Android trojan leveraging Telegram’s Bot API to target Iranian users
- Reversing iBank trojan
- New Fakebank variant intercepts calls to connect banking users to scammers
- TrickBot banking trojan adapts with new module
- Dofoil trojan with coin-miner
- Glupteba is no longer part of Windigo
- Pop-up ads are helping distribute botnets, cryptocurrency miners and ransomware
- Sigma ransomware resurfaces following a three-month disappearance
- Sanny malware delivery method updated in recently observed attacks
- URL shortcut files abused to deliver malware
- Cryptocurrency miner distributed via PHP vulnerability, targets Linux servers
- How long does it take for a MongoDB to be compromised
- GitHub hosts infostealer - part 1 & 2
- Oracle EBS password decryption scheme
- Dynamic analysis of iOS apps without Jailbreak
- Online sandboxing services as a data exfiltration intermediary (PDF)
- Gaining filesystem access via blind OOB XXE
- Strategies in ransomware for robots
- New R2D2 technique protects files against wiper malware
- Introducing Certificate Transparency and Nimbus
- Energetic DragonFly DYMALLOY Bear 2.0
- Watering hole attack on leading Hong Kong telecom site exploiting Flash flaw
- Scarlett Johansson’s picture got PostgreSQL database to start mining monero
- Happy New Year wishes from China
- APT attacks targeting financial institutions (PDF)
- Assessing the cyber readiness of the Middle East’s oil and gas sector
- Q4 2017 global DDoS threat landscape report
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.